The Palo-Alto's also don't support anything but NAT64, so depending on what you meant by the IPv6 side is sharing "one address" might not be correct. *Spencer Ryan* | Senior Systems Administrator | sryan@arbor.net *Arbor Networks* +1.734.794.5033 (d) | +1.734.846.2053 (m) www.arbornetworks.com On Tue, Jul 5, 2016 at 11:40 AM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
I would go through the password recovery options on the PaloAlto.
as a next gen firewall you need to ensure you are getting all the latets rulesets and detection code through - check your subscription with them
once you've sorted out access you can look at the policies and ensure that the IPv6 AV filtering rules match that for IPv4 - fairly easy with their interface. (check your codebase version for feature abilities....once again, you may need to deal with PA to ensure your codebase is current. these things get OLD quickly
as for NAT for IOV6. nope. and turning it off ISNT the answer (yes, its an answer...just the wrong one! ;-) )
alan